The invention is directed to a data exchange system, including a plurality of user terminals using a secret cipher.
The protection of data is playing an increasingly important part in modern data processing and communications systems. The quality of a system with respect to an adequate data protection is critically dependent upon the degree to which one succeeds in making access to the system possible only for authorized persons and, conversely, keeping unauthorized persons locked out with absolute certainty. A simple although not absolutely certain possibility for checking the access authorization to a system is, for example, to use passwords that are only known to the authorized user and that the user can change as often as he desires. Since there is the risk given passwords that unauthorized persons will find them out or hear them, additional protection measures are indispensible. One of these measures, for example, is the encoding and decoding of the transmitted information, a measure that is realizable in data processing systems, among other things, with the assistance of a chip card. With the increasing involvement of the chip card in data processing systems, however, an additional security risk again arises because chip cards can be relatively easily lost. Care must therefore be absolutely exercised to see that the chip card is protected against potential misuse in all instances when lost. The chip card is therefore designed such that the data stored in a protected chip card can only be accessed when the user previously inputs an identifier that is only stored in the chip card, for example, a personal identification number, referred to as a PIN.
A further security barrier can be erected with the assistance of the authentication of the chip card to the system. This authentication prevents an arbitrary subscriber from being authorized to access secret information in the system. A critical precondition for the authentication is a personal feature of the subscriber that cannot be copied. This non-copyable feature of the subscriber is achieved with the assistance of a secret cipher for the encoding and decoding that is known to the two partners, i.e., to the chip card on the one hand and to the system on the other hand, being known, namely, only to these two partners.
In a POS banking system on a chip card basis, it is assumed, for example, that secret data in the cashier terminal are stored in a separate security module, for example, in what is referred to as a security chip card. Given the employment of a symmetrical encoding algorithm, the same, secret terminal cipher must exist in all terminals. This cipher is required in order to calculate a common communication cipher from the card identification number of a customer card. The existence of a universal, secret cipher in the security module or, respectively, in the security chip card of every POS terminal of an overall system, however, is an extremely critical point and, so to speak, the vulnerable location of the system. A number of protective measures have therefore already been considered that make it more difficult to obtain knowledge of a secret, global cipher. According to a first protective measure, a single secret, global cipher K is replaced by a series of n different global ciphers Kl, Kn and, correspondingly, there are different terminal types. Should this cipher potentially become known, thus, the entire system is not jeopardized. However, a customer card must also contain n different ciphers KKl, ..., KKn of which respectively only one is valid at a specific terminal. A second protective measure likewise provides a plurality of ciphers Kl, ..., Kn that are cyclically changed at certain time intervals. For example, a plurality of terminal ciphers Klp, ..., Knp are valid in a certain time phase p. The appertaining customer ciphers KKlp, ..., KKnp, of course, must then be present in a customer chip card.